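---
# Play 1 of step 001. Runs on the control node (localhost, local connection):
# checks for gcloud, selects the SSH key pair, renders and submits the GCP
# Deployment Manager template, builds the inventory and registers DNS records.
- name: Step 001 Deploy Infrastructure
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
    - step001
    - deploy_infrastructure
  tasks:
    - name: Ensure gcloud is installed
      # PATH is pinned so the probe only accepts a gcloud found in /usr/bin.
      environment:
        PATH: /usr/bin
      command: which gcloud
      register: gcloud_result
      # Read-only probe: never report "changed".
      changed_when: false
      # Without this, a missing gcloud aborts the play on this task and the
      # explicit message in the next task is never shown.
      ignore_errors: true

    - name: Fail if gcloud not available
      fail:
        msg: you need Google Cloud SDK installed
      when: gcloud_result is failed

    - name: Check for auto-generated SSH Key
      stat:
        path: "{{ output_dir }}/{{ env_authorized_key }}"
      register: env_authorized_key_status
      tags:
        - check_for_env_keys
        # The two set_fact tasks below are tagged must/create_inventory and
        # read env_authorized_key_status; this task has to run with them.
        - must
        - create_inventory

    # No generated key in output_dir: use the operator's key pair in ~/.ssh.
    - name: Get SSH public key
      set_fact:
        ssh_key: "~/.ssh/{{ key_name }}.pem"
        # Built by concatenation; "{{ }}" must not be nested inside a
        # Jinja expression.
        ssh_key_data: "{{ lookup('file', '~/.ssh/' ~ key_name ~ '.pub') }}"
      tags:
        - set_existing_ssh_key
        - must
        - create_inventory
      when: not env_authorized_key_status.stat.exists

    # Generated key present in output_dir: prefer it.
    - name: Get SSH public key
      set_fact:
        ssh_key: "{{ output_dir }}/{{ env_authorized_key }}"
        ssh_key_data: "{{ lookup('file', output_dir ~ '/' ~ env_authorized_key ~ '.pub') }}"
      tags:
        - set_generated_ssh_key
        - must
        - create_inventory
      when: env_authorized_key_status.stat.exists

    - name: Set the destination for the template
      set_fact:
        t_dest: "{{ output_dir }}/{{ env_type }}.{{ guid }}.{{ cloud_provider }}_cloud_template"
      tags:
        - gcp_infrastructure_deployment
        - validate_gcp_template
        - gen_gcp_template

    - name: Generate GCP deployment manager template
      template:
        src: "../configs/{{ env_type }}/files/cloud_providers/{{ cloud_provider }}_cloud_template.j2"
        dest: "{{ t_dest }}"
      tags:
        - gcp_infrastructure_deployment
        - validate_gcp_template
        - gen_gcp_template

    - name: Starting Google deployment-manager with template
      # gcloud reads its credentials, region, project and config directory
      # from these variables. CLOUDSDK_CONFIG places the gcloud config
      # directory under output_dir.
      # NOTE(review): confirm output_dir and gcp_credentials_file are not
      # readable by other local users.
      environment:
        PATH: /usr/bin
        CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: "{{ gcp_credentials_file }}"
        CLOUDSDK_COMPUTE_REGION: "{{ gcp_region }}"
        CLOUDSDK_CONFIG: "{{ output_dir }}/.gcloud-{{ guid }}"
        CLOUDSDK_CORE_PROJECT: "{{ gcp_project_id }}"
      command: >-
        gcloud deployment-manager deployments
        create "{{ project_tag }}-base"
        --config "{{ t_dest }}"
      register: gcp_deploy
      tags:
        - gcp_infrastructure_deployment
        - gcp_deployment_manager
      # retries is 0, so a failed create is not retried.
      until: gcp_deploy is succeeded
      retries: 0

    # Only printed at verbosity 2 (-vv) or higher.
    - name: Show the deployment-manager result
      debug:
        var: gcp_deploy
        verbosity: 2
      tags:
        - gcp_infrastructure_deployment

    - name: Run infra-gcp-create-inventory Role
      import_role:
        name: infra-gcp-create-inventory

    - name: Fetch DNS zone Info
      gcp_dns_managed_zone_facts:
        dns_name: '{{ cluster_dns_zone + "." }}'
        project: "{{ gcp_project_id }}"
        auth_kind: "{{ gcp_auth_type }}"
        service_account_file: "{{ gcp_credentials_file }}"
      register: gcp_managed_zone
      tags:
        - gcp_infrastructure_deployment
      when:
        - HostedZoneId != "none"

    - name: Add delegation for NS to the main DNSZone
      gcp_dns_resource_record_set:
        project: "{{ gcp_project_id }}"
        auth_kind: "{{ gcp_auth_type }}"
        service_account_file: "{{ gcp_credentials_file }}"
        # resources[0] is the first zone returned by the fetch task.
        # NOTE(review): an empty result list makes this lookup fail.
        managed_zone: "{{ gcp_managed_zone.resources[0] }}"
        name: '{{ guid + "." + cluster_dns_zone + "." }}'
        type: NS
        ttl: 600
        target:
          - "{{ gcp_managed_zone.resources[0].nameServers[0] }}"
          - "{{ gcp_managed_zone.resources[0].nameServers[1] }}"
          - "{{ gcp_managed_zone.resources[0].nameServers[2] }}"
          - "{{ gcp_managed_zone.resources[0].nameServers[3] }}"
        state: present
      tags:
        - gcp_infrastructure_deployment
      when:
        - env_type != "ocp4-cluster"
        - HostedZoneId != "none"

    - name: Add bastion entry to the main DNSZone
      gcp_dns_resource_record_set:
        project: "{{ gcp_project_id }}"
        auth_kind: "{{ gcp_auth_type }}"
        service_account_file: "{{ gcp_credentials_file }}"
        managed_zone: "{{ gcp_managed_zone.resources[0] }}"
        name: '{{ "bastion." + guid + "." + cluster_dns_zone + "." }}'
        type: A
        ttl: 300
        target:
          - '{{ hostvars[item].public_ip_address }}'
        state: present
      with_items: "{{ groups['bastions'] }}"
      tags:
        - gcp_infrastructure_deployment
        - gcp_set_bastion_dns
      when:
        - env_type == "ocp4-cluster"
        - groups["bastions"] is defined
        # gcp_managed_zone only holds zone data when the fetch task ran,
        # and that task is skipped for HostedZoneId == "none".
        - HostedZoneId != "none"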
# Load the env_vars variables from the config onto every host.
- import_playbook: ../include_vars.yml

# TODO: use common infra role instead of this playbook
# The file name is chosen by cloud_provider.
# NOTE(review): import_playbook is resolved when the playbook is parsed, so
# cloud_provider presumably has to come from extra vars - confirm.
- name: Configure local ssh config for bastion proxy use
  import_playbook: "{{ cloud_provider }}_ssh_config_setup.yml"
  # Both conditions must hold: the bastions group exists and is not empty.
  when:
    - groups["bastions"] is defined
    - groups["bastions"] | length > 0
  tags:
    - must
    - create_inventory
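# Play 2 of step 001. Targets every host outside the windows and network
# groups: waits for a connection, resets the instance once through gcloud if
# the wait fails, then writes all inventory hosts into /etc/hosts.
- name: wait_for_connection for all non-windows machines and set hostname
  hosts:
    - 'all:!windows:!network'
  gather_facts: false
  become: true
  tags:
    - step001
    - wait_ssh
    - set_hostname
  tasks:
    - name: wait for linux host to be available
      wait_for_connection:
        timeout: 300
      register: rwait
      # Tolerated on purpose: a failure here triggers the reset task below.
      ignore_errors: true

    - name: restart instance if wait_for_connection failed
      become: false
      # argv passes each value as a single argument, so the host name and
      # zone are never re-split or re-quoted as part of a command string.
      command:
        argv:
          - gcloud
          - compute
          - instances
          - reset
          - "{{ inventory_hostname }}"
          - '--zone'
          - "{{ gcp_zone }}"
      delegate_to: localhost
      environment:
        # Same pinned PATH as the other gcloud invocations in this file.
        PATH: /usr/bin
        CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: "{{ gcp_credentials_file }}"
        CLOUDSDK_COMPUTE_REGION: "{{ gcp_region }}"
        CLOUDSDK_CONFIG: "{{ output_dir }}/.gcloud-{{ guid }}"
        CLOUDSDK_CORE_PROJECT: "{{ gcp_project_id }}"
      when: rwait is failed

    # No timeout is set here, so the module default applies. A failure on
    # this second attempt is not ignored.
    - name: wait for linux host to be available (retry)
      wait_for_connection:
      when: rwait is failed

    - name: Check that the host answers an Ansible ping
      ping:
      register: rping
      retries: 3
      delay: 10
      until: rping is succeeded

    - name: Populate /etc/hosts
      lineinfile:
        dest: /etc/hosts
        # regex_escape keeps the dots of the DNS name literal, so only the
        # exact host name is matched and replaced.
        regexp: ' {{ hostvars[item].internaldns | regex_escape }}$'
        line: '{{ hostvars[item].private_ip_address }} {{ hostvars[item].internaldns }}'
      # Iterates over every inventory host, including groups this play does
      # not target.
      # NOTE(review): a host without internaldns or private_ip_address
      # would fail here - confirm.
      with_items: "{{ groups['all'] }}"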